U.S. Justice Department Raises Concerns Regarding Proposal to Limit Federal Government's Access to 'Cloud' Data

By Oded Green

On April 6, 2011, the Senate Judiciary Committee held a hearing regarding a proposed update to the Electronic Communications Privacy Act (ECPA) in light of cloud computing and other technological developments that have occurred since the statute was enacted more than two decades ago. The ECPA is comprised of three laws -- the Wiretap Act, the Stored Communications Act, and the Pen Register Act -- which govern when certain parties, including law enforcement and other governmental authorities, may access communications and related data and to whom they may disclose those communications and data.

According to Senate Judiciary Committee Chairman, Patrick Leahy, with the explosion of cloud computing, social networking sites and other new technologies, determining how to bring ECPA into the digital age is one of Congress’ greatest challenges. He added that ECPA is “hampered by conflicting standards that cause confusion for law enforcement, businesses and consumers." For example, the content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent.

Continue Reading...
Tweet Like Email

High Court to AT&T: Don't Take It Personally, But You Have No "Personal Privacy"

By Bruce Nielson.

The U.S. Supreme Court recently held that AT&T and other corporations do not have “personal privacy” for purposes of an exemption from the information disclosure requirements of the Freedom of Information Act (“FOIA”). In its unanimous opinion in FCC v. AT&T Inc., the court rejected “the argument that because ‘person’ is defined for purposes of FOIA to include a corporation, the phrase ‘personal privacy’ in [FOIA] Exemption 7(C) reaches corporations.” The court held: “The protection in FOIA against disclosure of law enforcement information on the ground that it would constitute an unwarranted invasion of personal privacy does not extend to corporations.”

The AT&T case arose in connection with an FCC investigation into whether AT&T overcharged the government for services rendered in connection with an FCC-administered program designed to enhance access to information and telecommunications services by schools and libraries. During the investigation, AT&T provided documents to the FCC that included information about employees involved in the program and invoices and emails with pricing and billing information. The FCC and AT&T resolved the matter in 2004.

Continue Reading...
Tweet Like Email

CALEA II - Bigger and Badder?

Recent leaks to the New York Times, as reported in September and October, indicate that the Obama administration will next year be pushing for sweeping expansions of the Communications Assistance for Law Enforcement Act (CALEA).  CALEA facilitates government surveillance by, among other things, requiring companies subject to the law both to design their systems so that the government can easily plug in and intercept communications in real-time and to provide assistance to the government in these efforts. 

 

A task force comprised of representatives from DOJ, Commerce, the FBI, and other agencies, are discussing amendments to the law.  These changes would greatly expand the reach of CALEA, would significantly increase the costs of non-compliance for covered companies, and would include other requirements which may fundamentally change business models for companies promising encryption and decentralized communication services.    

 

 

Continue Reading...
Tweet Like Email